diff --git a/CoreModules/apache/conf.sh b/CoreModules/apache/conf.sh index 734379d..e6dc629 100644 --- a/CoreModules/apache/conf.sh +++ b/CoreModules/apache/conf.sh @@ -66,9 +66,11 @@ curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/to sed -i -e 's#MONITCONF#'$monitconf'#' -e 's/APASRV/'$apacheService'/' -e 's#APADIR#'$apacheConfDir'#' /opt/toggle/toggle-MonitWebui.sh unset monitconf - # custom Welcome page echo "$webserv is functioning normally" > /var/www/html/index.html +#Add Apache as SSL service +echo "$apacheService" >> /etc/ICTM/SslServices + systemctl start $apacheService > $OUTPUT 2>&1 systemctl enable $apacheService > $OUTPUT 2>&1 \ No newline at end of file diff --git a/CoreModules/apache/config/apache2/site_ssl-unconfigured b/CoreModules/apache/config/apache2/site_ssl-unconfigured index 5a99a2b..5c401e0 100644 --- a/CoreModules/apache/config/apache2/site_ssl-unconfigured +++ b/CoreModules/apache/config/apache2/site_ssl-unconfigured @@ -6,8 +6,8 @@ ServerName DOMAINname SSLEngine on - SSLCertificateFile /etc/acmesh/certs/DOMAINname_ecc/fullchain.cer - SSLCertificateKeyFile /etc/acmesh/certs/DOMAINname_ecc/DOMAINname.key + SSLCertificateFile /etc/acmesh/inst/DOMAINname/fullchain.pem + SSLCertificateKeyFile /etc/acmesh/inst/DOMAINname/key.pem Include snippets/apa-ssl.conf #ConfHere diff --git a/CoreModules/apache/config/apache2/site_ssl-wwwredir b/CoreModules/apache/config/apache2/site_ssl-wwwredir index 57c294b..5bcbf94 100644 --- a/CoreModules/apache/config/apache2/site_ssl-wwwredir +++ b/CoreModules/apache/config/apache2/site_ssl-wwwredir @@ -6,8 +6,8 @@ ServerName www.DOMAINname SSLEngine on - SSLCertificateFile /etc/acmesh/certs/DOMAINname_ecc/fullchain.cer - SSLCertificateKeyFile /etc/acmesh/certs/DOMAINname_ecc/DOMAINname.key + SSLCertificateFile /etc/acmesh/inst/DOMAINname/fullchain.pem + SSLCertificateKeyFile /etc/acmesh/inst/DOMAINname/key.pem Include snippets/apa-ssl.conf Redirect permanent / https://DOMAINname/ \ No newline at end of file diff --git a/CoreModules/nginx/conf.sh b/CoreModules/nginx/conf.sh index 5733e62..4f96f79 100644 --- a/CoreModules/nginx/conf.sh +++ b/CoreModules/nginx/conf.sh @@ -51,9 +51,11 @@ curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/to sed -i -e 's#MONITCONF#'$monitconf'#' /opt/toggle/toggle-MonitWebui.sh unset monitconf - # custom Welcome page echo "$webserv is functioning normally" > /usr/share/nginx/html/index.html +#Add Nginx as SSL service +echo "nginx" >> /etc/ICTM/SslServices + systemctl start nginx > $OUTPUT 2>&1 systemctl enable nginx > $OUTPUT 2>&1 \ No newline at end of file diff --git a/CoreModules/nginx/config/nginx/site_ssl-unconfigured b/CoreModules/nginx/config/nginx/site_ssl-unconfigured index cc758ed..66ceba3 100644 --- a/CoreModules/nginx/config/nginx/site_ssl-unconfigured +++ b/CoreModules/nginx/config/nginx/site_ssl-unconfigured @@ -13,9 +13,9 @@ server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name DOMAINname; - ssl_certificate /etc/acmesh/certs/DOMAINname_ecc/fullchain.cer; - ssl_certificate_key /etc/acmesh/certs/DOMAINname_ecc/DOMAINname.key; - ssl_trusted_certificate /etc/acmesh/certs/DOMAINname_ecc/fullchain.cer; + ssl_certificate /etc/acmesh/inst/DOMAINname/fullchain.pem; + ssl_certificate_key /etc/acmesh/inst/DOMAINname/key.pem; + ssl_trusted_certificate /etc/acmesh/inst/DOMAINname/fullchain.pem; include snippets/ngx-ssl.conf; diff --git a/CoreModules/nginx/config/nginx/site_ssl-wwwredir b/CoreModules/nginx/config/nginx/site_ssl-wwwredir index 639af0b..a43a6fc 100644 --- a/CoreModules/nginx/config/nginx/site_ssl-wwwredir +++ b/CoreModules/nginx/config/nginx/site_ssl-wwwredir @@ -11,9 +11,9 @@ server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name www.DOMAINname; - ssl_certificate /etc/acmesh/certs/DOMAINname_ecc/fullchain.cer; - ssl_certificate_key /etc/acmesh/certs/DOMAINname_ecc/DOMAINname.key; - ssl_trusted_certificate /etc/acmesh/certs/DOMAINname_ecc/fullchain.cer; + ssl_certificate /etc/acmesh/inst/DOMAINname/fullchain.pem; + ssl_certificate_key /etc/acmesh/inst/DOMAINname/key.pem; + ssl_trusted_certificate /etc/acmesh/inst/DOMAINname/fullchain.pem; include snippets/ngx-ssl.conf; return 301 https://DOMAINname$request_uri; } diff --git a/CoreModules/nginx_nonphp/conf.sh b/CoreModules/nginx_nonphp/conf.sh index ab4fece..de20896 100644 --- a/CoreModules/nginx_nonphp/conf.sh +++ b/CoreModules/nginx_nonphp/conf.sh @@ -28,5 +28,8 @@ sed -i -e 's/DOMAINname/'$domain'/g' /etc/nginx/sites-available/"$sitename"_ssl # custom Welcome page echo "$webserv is functioning normally" > /usr/share/nginx/html/index.html +#Add Nginx as SSL service +echo "nginx" >> /etc/ICTM/SslServices + systemctl start nginx > $OUTPUT 2>&1 systemctl enable nginx > $OUTPUT 2>&1 \ No newline at end of file diff --git a/Scripts/EnableSSL.sh b/Scripts/EnableSSL.sh index 098b300..d522d03 100644 --- a/Scripts/EnableSSL.sh +++ b/Scripts/EnableSSL.sh @@ -37,6 +37,8 @@ fi if test $certsatus -eq 0 then site_ext="ssl" + mkdir -p /etc/acmesh/inst/$domain + /opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --install-cert --ecc --domain $domain --cert-file /etc/acmesh/inst/$domain/cert.pem --key-file /etc/acmesh/inst/$domain/key.pem --ca-file /etc/acmesh/inst/$domain/ca.cer --fullchain-file /etc/acmesh/inst/$domain/fullchain.pem --reloadcmd 'systemctl reload $(cat /etc/ICTM/SslServices)' else site_ext="nossl" rm -rf /etc/acmesh/certs/$domain* diff --git a/installer.sh b/installer.sh index 035a81d..e9ee770 100644 --- a/installer.sh +++ b/installer.sh @@ -671,6 +671,8 @@ if [ $sslenable = 1 ]; then if test $certsatus -eq 0 then site_ext="ssl" + mkdir -p /etc/acmesh/inst/$domain + /opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --install-cert --ecc --domain $domain --cert-file /etc/acmesh/inst/$domain/cert.pem --key-file /etc/acmesh/inst/$domain/key.pem --ca-file /etc/acmesh/inst/$domain/ca.cer --fullchain-file /etc/acmesh/inst/$domain/fullchain.pem --reloadcmd 'systemctl reload $(cat /etc/ICTM/SslServices)' else site_ext="nossl" rm -rf /etc/acmesh/certs/$domain* @@ -682,6 +684,8 @@ if [ $sslenable = 1 ]; then if test $certsatusBackend -eq 0 then siteBackend_ext="ssl" + mkdir -p /etc/acmesh/inst/$hostname + /opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --install-cert --ecc --domain $hostname --cert-file /etc/acmesh/inst/$hostname/cert.pem --key-file /etc/acmesh/inst/$hostname/key.pem --ca-file /etc/acmesh/inst/$hostname/ca.cer --fullchain-file /etc/acmesh/inst/$hostname/fullchain.pem --reloadcmd 'systemctl reload $(cat /etc/ICTM/SslServices)' else siteBackend_ext="nossl" rm -rf /etc/acmesh/certs/$hostname*